In September 2007, anti-piracy company MediaDefender's emails went public after a hacker gained access to their systems. The attacks cost the company a huge amount of money, not to mention acute embarrassment. Now the person behind the attacks speaks.

The whole Media Defender scandal needs little introduction. The anti-piracy company is incredibly unpopular with most of the file-sharing community, so when they fell victim to a hacker and their company secrets spread all over the Internet, few held much sympathy for them.

Soon it became known that a shadowy group known as MediaDefender-Defenders appeared to be behind the attack – they host the Media Defender emails on their website to this day, but little was known about the chain events, or who was behind them – until now.

In an interview with portfolio, the hacker (using the pseudonym ‘Ethan’) explains how things led up to the leak. Ethan, a polite high-school student who lives with his family, was on his Christmas break when he first gained access to the anti-piracy companies servers by exploiting a weakness in their firewall. This was the end of 2006, at a time when business was still good for Media Defender, with revenue standing at nearly $16m.

The interviewer, Daniel Roth, says he communicated with Ethan on pre-pay phone to ensure security. Meeting after school in a local bookstore, Ethan handed over a flash drive holding confidential Media Defender information, explaining that the initial security breach hadn’t amounted to much and that he had difficulty in gaining the interest of fellow hackers. However, a few months later Ethan decided to go back and take a second look – which bore more fruit – giving him access to the company’s email, it’s networked resources and even its telephone system. He then explains how he passed on some of the information to a fellow hacker who gained access to Media Defender servers and used them for denial-of-service attacks.

Logging in a handful of times each month through the summer of 2007, Ethan started to get bored with ‘Monkey Defenders’ – his pet name for the anti-piracy outfit. Deciding to go out with a bang, he and the Media Defender-Defenders gathered thousands of the company’s internal emails and published them on web.

A text file included with the emails stated: “By releasing these emails we hope to secure the privacy and personal integrity of all peer-to-peer users. The emails contains information about the various tactics and technical solutions for tracking p2p users, and disrupt p2p services,” and “A special thanks to Jay Maris, for circumventing there entire email-security by forwarding all your emails to your gmail account”

Just days later, slamming the anti-piracy company again and again seemed to be the aim of Ethan and friends, as they released a private telephone conversation with the New York attorney general’s office, a P2P tracking database, followed a few days later by all of Media Defender’s anti-piracy tools.

Ethan said that he didn’t set out to ruin Media Defender: “In the beginning, I had no motivation against Monkey Defenders” he said. “It wasn’t like, ‘I want to hack those bastards’. But then I found something, and the good nature in me said, These guys are not right. I’m going to destroy them.”

Ethan, who is now sought after by the FBI because of the leaked emails, is getting close to this goal. It all went downhill for MediaDefender after the leaks got out. In November it turned out that MediaDefender’s parent company ArtistDirect lost almost $1,000,000 because of the hack, and their stock price plunged soon after that.

To make it even worse, a week after the sensitive information was made public, the Pirate Bay launched a counterattack against their arch rival. They decided to use the information from the emails to file charges against some of MediaDefenders customers including Paramount Home Entertainment, Twentieth Century Fox and Universal Music Group for corrupting and sabotaging their BitTorrent tracker.

There is no doubt that the pirates have won this battle, and it will be very hard for MediaDefender to regain their credibility. To quote MediaDefender CEO Randy Saaf: “This is really fucked…”. Yes, I’m afraid it is Randy.